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Claims 

1. A method for making a blind digital RSA-signature, comprising steps of; choosing se- 
cret factors and an RSA-module corresponding to them, choosing at least one admissible 
public RSA-exponent, choosing initial data, choosing a randomized blinding key, choosing 

5 an encryption RSA-key whose module corresponds to the chosen RSA-module and whose 
exponent corresponds to the chosen blinding key with which key an RSA-encryption is 
performed while creating blinded data, arbitrarily choosing a secret RSA-key correspond- 
ing to the chosen secret factors and an arbitrary admissible public RSA-exponent, and cre- 
ating a digital RSA-signature on the blinded data corresponding to said secret RSA-key, 
10 unblinding the created digital RSA-signature on the blinded data by inputting the digital 
RSA-signature on the blinded data, the blinding key, the RSA module, and the public 
RSA-exponent corresponding to the secret RSA-key used in creating the digital RSA- 
signature on the blinded data, into an unblinding converter whose output data are obtained 
as the digital RSA-signature on the chosen initial data, characterized in that during the step 
15 of creating the blinded data an RSA-encryption of the chosen initial data is performed, 
during the step of unblinding the created digital RSA-signature on the blinded data the 
chosen initial data are input additionally into the unblinding converter, a masking factor 
coprime to each admissible public RSA-exponent is additionally chosen, and the blinding 
key is chosen coprime to each admissible public RSA-exponent and as a multiple to the 
20 chosen masking factor. 

2. The method for making a blind digital RSA-signature according to Claim 1, charac- 
terized in that during the step of unblinding the created digital RSA-signature on the 
blinded data the chosen initial data prehminarily input into the unblinding converter are fed 
to one of base inputs of a modular multiplicative Euclidean converter (MMEC) contained 

S 25 in said unblinding converter, the created digital RSA-signature on the blinded data pre- 

^0 liminarily input into the unblinding converter is fed to another base input of said unblind- 

^ ing converter, the chosen blinding key is fed to an exponent input of the MMEC corre- 

sponding to that base input on which said chosen initial data are fed, and the public RSA- 
exponent, which is preliminarily input into said unblinding converter and corresponds to 
30 the secret key utilized during creating the digital RSA-signature on the blinded data, is fed 
to an exponent input of the MMEC corresponding to that base input on which the created 
digital RSA-signature on the blinded data is fed. 

3. The method for making a bhnd digital RSA-signature according to Claim 1, charac- 
terized in that the randomized blinding key is chosen by a random-number generator. 

35 4. The method for making a blind digital RSA-signature according to Claim 3, charac- 
terized in that the step of choosing the randomized blinding key coprime to the chosen ad- 
missible public RSA-exponents is performed by correcting output data of the random- 
number generator with the chosen admissible public RSA-exponents. 

5. The method for making a blind digital RSA-signature according to Claim 3, charac- 
40 terized in that the step of choosing the randomized blinding key is performed by testing 

whether the output data of the random-number generator are coprime to the chosen admis- 
sible public RSA-exponents. 

6. The method for making a bhnd digital RSA-signature according to Claim 1, charac- 
terized in that the masking factor is chosen multiple to the greatest common divisor of the 
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secret factors decremented by 1, and also to each divisor which is less than the predeter- 
mined bound and modulo which at least one of the secret factors is congruent to 1 . 

7. The method for making a blind digital RSA-signature according to Claim 6, charac- 
terized in that the step of choosing the masking factor multiple to the greatest common di- 

5 visor of the secret factors decremented by 1 is performed by choosing an RS A-module cor- 
responding to two secret factors, and by choosing the masking factor multiple to the great- 
est one of those divisors of the RSA-module decremented by 1 that are coprime to the cho- 
sen admissible public RSA-exponents. 

8. The method for making a blind digital RSA-signature according to Claim 7, charac- 
10 terized in that the step of choosing the masking factor multiple to the greatest one of those 

divisors of the RSA-module decremented by 1 that are coprime to the chosen admissible 
public RSA-exponents, is performed by choosing admissible public RSA-exponents co- 
prime to said RSA-module decremented by 1, and by choosing said RSA-module decre- 
mented by 1 as the masking factor. 
15 9. The method for making a blind digital RSA-signature according to Claim 6, charac- 
terized in that the step of choosing the masking factor multiple to each divisor which is less 
than the predetermined bound and modulo which at least one of the secret factors is con- 
gruent to 1, is performed by additionally testing the secret factors to be congruent to 1 
modulo all those divisors which are greater than two and less than the predetermined 


m 

y 20 bound 


10. The method for making a blind digital RSA-signature according to Claim 6, charac- 
terized in that the step of choosing the masking factor multiple to the greatest common di- 

1^ visor of the secret factors decremented by 1 is performed by additionally pairwise testing 

py the secret factors, during the step of choosing them, for a simultaneous congruence to 1 

25 modulo all those divisors that are greater than two, and by choosing the masking factor 
even, wherein in the step of choosing the secret factors a simultaneous pairwise non- 
congruence to 1 modulo all those divisors greater than two is accepted as a criterion of the 
step of choosing the secret factors. 

11. The method for making a blind digital RSA-signature according to Claim 10, charac- 
30 terized in that the step of additionally pairwise testing the secret factors for a simultaneous 

congruence to 1 modulo all those divisors greater than two, is performed by comparing the 
value of the greatest common divisor of the secret factors decremented by 1 with an integer 
equal to two. 

12. The method for making a blind digital RSA-signature according to Claim 1, charac- 
35 terized in that in the step of creating the blinded data the RSA-encryption of the chosen 

initial data is performed by means of a modular exponentiator. 

13. The method for making a blind digital RSA-signature according to Claim 1, charac- 
terized in that an integer equal to two is chosen as the masking factor, during the step of 
choosing the secret factors they are additionally tested for a congruence to 1 modulo all 

40 those divisors greater than two and less than the predetermined bound and, pairwise, for a 
simultaneous congruence to 1 modulo all those divisors greater than two, wherein a non- 
congruence to 1 modulo all those divisors greater than two and less than the predetermined 
bound and a simultaneous pairwise non-congruence to 1 modulo all those divisors greater 
than two is accepted as a criterion of the step of choosing the secret factors. 
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14.. The method for making a blind digital RSA-signature according to Claim 13, charac- 
terized in that in the step of choosing the secret factors, the step of additionally pairwise 
testing the secret factors for the simultaneous congruence to 1 modulo all those divisors 
greater than two is performed by comparing the value of the greatest common divisor of 
5 the secret factors decremented by 1 with an integer equal to two. 

15. The method for making a blind digital RSA-signature according to Claim 1, charac- 
terized in that the RSA-signature on the blinded data is created by means of a modular ex- 
ponentiator. 

16. The method for making a blind digital RSA-signature according to Claim 1, charac- 
10 terized in that the RSA-module is chosen corresponding to two secret factors, the admissi- 
ble pubUc RSA-exponents are chosen coprime to the RSA-module decremented by 1, in 
the step of choosing the secret factors said secret factors are testing for a congruence to 1 
modulo all those divisors greater than two and less than the predetermined bound, wherein 
a non-congruence to 1 modulo all those divisors greater than two and less than the prede- 

1 5 termined bound is accepted as a criterion of the step of choosing the secret factors, and the 
P masking factor is chosen multiple to the RSA-module decremented by 1 . 

17. The method for making a bUnd digital RSA-signature according to Claim 16, charac- 
% terized in that the RSA-module decremented by 1 is chosen as the masking factor. 

|n 18. The method for making a blind digital RSA-signature according to Claim 6, or the 

UJ 20 Claim 13, or the Claim 16, characterized in that the predetermined bound is chosen ac- 

cording to the predetermined blinding level, 
f ' 19. The method for making a blind digital RSA-signature according to Claim 1, charac- 

1^ terized in that in the step of choosing the admissible public RSA-exponents an arbitrary 

[y public RSA-exponent whose only divisors are divisors of arbitrarily chosen basic public 

25 RSA-exponents is accepted as the admissible public RSA-exponent. 
^ 20. The method for making a blind digital RSA-signature according to Claim 19, charac- 

^ terized in that the step of choosing the blinding key coprime to each admissible public 

RSA-exponent is performed by testing whether said blinding key is coprime to each basic 

public RSA-exponent. 

30 21. The method for making a blind digital RSA-signature according to Claim 19, charac- 
terized in that the step of choosing the blinding key coprime to each admissible public 
RSA-exponent is performed by correcting the output data of the random-number generator 
by the chosen basic public RSA-exponents. 


25 

22. A method for making a blind digital RSA-signature, comprising steps of: choosing se- 
cret factors and an RSA-module corresponding to them, choosing at least one admissible 
public RSA-exponent, choosing initial data, choosing a randomized blinding key, choosing 
an encryption RSA-key whose module corresponds to the chosen RSA-module and with 

5 which the RSA-encryption is performed while creating the blinded data, the chosen initial 
data being processed with a result of the RSA-encryption while creating the blinded data, 
arbitrarily choosing a secret RSA-key corresponding to the chosen secret factors and an ar- 
bitrary admissible public RSA-exponent, and creating a digital RSA-signature on the 
blinded data, corresponding to said secret RSA-key, creating an unblinding key corre- 

10 sponding to the blinding key and the secret RSA-key utilized while creating the digital 
RSA-signature on the blinded data, unblinding the created digital RSA-signature on the 
blinded data by inputting the digital RSA-signature on the blinded data, which step of un- 
blinding is performed by inputting said digital RSA-signature, the unblinding key and the 
RSA-module into an unblinding converter whose output data are received as the digital 

15 RSA-signature on the chosen initial data, characterized in that during the step of choosing 
at least one admissible public RSA-exponent a step of additionally choosing at least one 
basic public RSA-exponent is performed, for each of which basic public RSA-exponents 
an arbitrary limiting multiplicity is chosen, and an arbitrary public RSA-exponent consti- 
tuted from the chosen basic public RSA-exponents is accepted as the admissible public 

20 RSA-exponent, a multiplicity of each chosen basic public RSA-exponent being taken 
within a range of the chosen limiting multiplicity, during the step of creating the blinded 
data a step of RSA-encryption the chosen blinding key is performed, the encryption RSA- 
key by which the step of RSA-encryption being performed during the step of creating the 
blinded data is chosen corresponding to an RSA-exponent constituted from the chosen ba- 

25 sic public RSA-exponents each of which being taken in the chosen Umiting multiplicity, 
the step of arbitrarily choosing the secret RSA-key corresponding to the chosen secret 
factors and arbitrary admissible public RSA-exponent is performed by arbitrarily choosing 
utilized multiplicities of the basic public RSA-exponents within a range of the chosen lim- 
iting multiplicities of the basic public RSA-exponents, and the unblinding key is created by 

30 RSA-encryption of the blinding key with the encryption RSA-key as a module of which 
the RSA-module is taken, and whose RSA-exponent corresponds to the basic public RSA- 
exponents, each of said basic public RSA-exponents being taken in a multiplicity equal to 
the difference between the limiting multipUcity corresponding to said basic public RSA- 
exponent and the utilized multiplicity chosen in the step of arbitrarily choosing the secret 

35 key and corresponding to said limiting multipUcity. 

23 . The method for making a blind digital RSA-signature according to Claim 22, charac- 
terized in that the step of choosing the randomized blinding key is performed by means of 
a random-number generator. 

24. The method for making a blind digital RSA-signature according to Claim 22, charac- 
40 terized in that in the step of creating the blinded data the step of RSA-encryption of the 

chosen blinding key is performed by consecutive RSA-encryptions with the encryption 
RSA-keys, the RSA-module being taken as a module of each of said RSA-keys, and the 
basic public RSA-exponents being taken as the RSA-exponents, each of said basic public 
RSA-exponents being taken in the chosen Umiting multiplicity. 




25. The method for making a bUnd digital RS A- signature according to Claim 22, charac- 
terized in that the step of creating the unblinding key by RSA-encryption of the blinding 
key with the encryption RSA-key is performed by consecutive RSA-encryptions with the 
encryption RS A-keys, the RSA-module being taken as a module of each of said RSA-keys, 
and the basic public RS A-exponents being taken as the RS A-exponents, each of said basic 
public RSA-exponents being taken in the multiplicity equal to the difference between the 
limiting multiplicity corresponding to said basic public RSA-exponent, and a utilized mul- 
tiplicity chosen in the step of arbitrarily choosing the secret key and corresponding to said 
limiting multiplicity. 

26. The method for making a blind digital RSA-signature according to Claim 22, charac- 
terized in that the step of RSA-encryption during steps of creating the blinded data and 
creating the unblinding key is performed by means of a modular exponentiator. 

27. The method for making a blind digital RSA-signature according to Claim 22, charac- 
terized in that the digital RSA-signature on the blinded data is created by means of a 
modular exponentiator. 
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28. An apparatus for making a blind digital RSA-signature, comprising a blinding key 
choice unit having a random-number generator and a bhnding unit having a modular expo- 
nentiator whose module input being connected to a module input of the blinding unit and 
whose exponent input being connected to a blinding key input of the blinding unit, said 

5 blinding unit has an initial data input and one output being connected to a signature data 
input of a signature unit which has a secret key input and one output being connected to an 
unblinding data input of an unblinding unit which has a signature output, a module input, 
an exponent input and a blinding key input, characterized in that a base input of the 
modular exponentiator of the blinding unit is connected to the initial data input of the 
10 blinding unit, and the output of the modular exponentiator is connected to the output of the 
blinding unit, the unblinding unit has additionally an initial data input and comprises a 
modular multiplicative Euclidean converter (MMEC) having a module input, base inputs 
and exponent inputs corresponding to each of said base inputs, the module input of the un- 
blinding unit being connected to the module input of the MMEC, the initial data input of 
15 the unbhnding unit being connected to one of the base inputs of the MMEC, and an un- 
blinding data input of the unblinding unit being connected to another base input of the 
MMEC, the blinding key input of the unblinding unit is connected to the exponent input of 
the MMEC which corresponds to the base input of the MMEC connected to the unblinding 
data input of the unblinding unit, and the exponent input of the unbhnding unit is con- 
y 20 nected to the exponent input of the MMEC which corresponds to the base input of the 

MMEC connected to the initial data input of the unblinding unit, and the output of the un- 
blinding unit is connected to the output of the MMEC, the blinding key choice unit com- 
prises additionally an arithmetic controller with two limiting inputs which are accepted 
conditionally as first and second Umiting inputs, the arithmetic controller being connected 
25 to the random-number generator, an output of the arithmetic controller is connected to the 
output of the blinding key choice unit, and the arithmetic controller is made so as to pro- 
vide output data of the bUnding key choice unit coprime to integers fed onto the first lim- 
iting input of the arithmetic controller, and to provide the divisibility of the output data of 
the blinding key choice unit with an integer fed onto the second limiting input of the arith- 
30 metic controller. 

29. The apparatus for making a blind digital RSA-signature according to Claim 28, char- 
acterized in that the connection of the arithmetic controller to the random-number genera- 
tor is performed by means of connecting the output of the random-number generator to the 
input accepted conditionally as test data input of the arithmetic controller, and coprimality 

35 of the output data of the bUnding key choice unit to integers fed onto the first limiting input 
of the arithmetic controller and the divisibility of the output data of the blinding key choice 
unit with an integer fed onto the second Umiting input of the arithmetic controller are pro- 
vided by means of that the arithmetic controller comprises a multiplier and a coprimality 
tester, the first limiting input of the arithmetic controller being connected to an input of the 
40 coprimality tester, the test data input being connected to another input of the coprimality 
tester and to an argument input of the multiplier, an output of the coprimality tester being 
connected to a loading input of the multiplier, and the second Umiting input of the arithm- 
etic controller being connected to the argument input of the multiplier, whose output is 
connected to the output of the arithmetic controUer. 


